activemerchant 1.45.0 → 1.126.0

data/lib/active_merchant/billing/gateways/moneris.rb

@@ -2,7 +2,6 @@ require 'rexml/document'
 
 module ActiveMerchant #:nodoc:
   module Billing #:nodoc:
-
     # To learn more about the Moneris gateway, please contact
     # eselectplus@moneris.com for a copy of their integration guide. For
     # information on remote testing, please see "Test Environment Penny Value
@@ -14,7 +13,7 @@ module ActiveMerchant #:nodoc:
       self.live_url = 'https://www3.moneris.com/gateway2/servlet/MpgRequest'
 
       self.supported_countries = ['CA']
-      self.supported_cardtypes = [:visa, :master, :american_express, :diners_club, :discover]
+      self.supported_cardtypes = %i[visa master american_express diners_club discover]
       self.homepage_url = 'http://www.moneris.com/'
       self.display_name = 'Moneris'
 
@@ -34,7 +33,7 @@ module ActiveMerchant #:nodoc:
         requires!(options, :login, :password)
         @cvv_enabled = options[:cvv_enabled]
         @avs_enabled = options[:avs_enabled]
-        options = { :crypt_type => 7 }.merge(options)
+        options[:crypt_type] = 7 unless options.has_key?(:crypt_type)
         super
       end
 
@@ -47,12 +46,20 @@ module ActiveMerchant #:nodoc:
         requires!(options, :order_id)
         post = {}
         add_payment_source(post, creditcard_or_datakey, options)
-        post[:amount]     = amount(money)
-        post[:order_id]   = options[:order_id]
-        post[:address]    = options[:billing_address] || options[:address]
+        post[:amount] = amount(money)
+        post[:order_id] = options[:order_id]
+        post[:address] = options[:billing_address] || options[:address]
         post[:crypt_type] = options[:crypt_type] || @options[:crypt_type]
-        action = (post[:data_key].blank?) ? 'preauth' : 'res_preauth_cc'
-        commit(action, post)
+        add_external_mpi_fields(post, options)
+        add_stored_credential(post, options)
+        action = if post[:cavv] || options[:three_d_secure]
+                   'cavv_preauth'
+                 elsif post[:data_key].blank?
+                   'preauth'
+                 else
+                   'res_preauth_cc'
+                 end
+        commit(action, post, options)
       end
 
       # This action verifies funding on a customer's card and readies them for
@@ -63,12 +70,20 @@ module ActiveMerchant #:nodoc:
         requires!(options, :order_id)
         post = {}
         add_payment_source(post, creditcard_or_datakey, options)
-        post[:amount]     = amount(money)
-        post[:order_id]   = options[:order_id]
-        post[:address]    = options[:billing_address] || options[:address]
+        post[:amount] = amount(money)
+        post[:order_id] = options[:order_id]
+        post[:address] = options[:billing_address] || options[:address]
         post[:crypt_type] = options[:crypt_type] || @options[:crypt_type]
-        action = (post[:data_key].blank?) ? 'purchase' : 'res_purchase_cc'
-        commit(action, post)
+        add_external_mpi_fields(post, options)
+        add_stored_credential(post, options)
+        action = if post[:cavv] || options[:three_d_secure]
+                   'cavv_purchase'
+                 elsif post[:data_key].blank?
+                   'purchase'
+                 else
+                   'res_purchase_cc'
+                 end
+        commit(action, post, options)
       end
 
       # This method retrieves locked funds from a customer's account (from a
@@ -79,7 +94,7 @@ module ActiveMerchant #:nodoc:
       # gateways the two numbers are concatenated together with a ; separator as
       # the authorization number returned by authorization
       def capture(money, authorization, options = {})
-        commit 'completion', crediting_params(authorization, :comp_amount => amount(money))
+        commit 'completion', crediting_params(authorization, comp_amount: amount(money))
       end
 
       # Voiding requires the original transaction ID and order ID of some open
@@ -117,15 +132,43 @@ module ActiveMerchant #:nodoc:
       end
 
       def refund(money, authorization, options = {})
-        commit 'refund', crediting_params(authorization, :amount => amount(money))
+        commit 'refund', crediting_params(authorization, amount: amount(money))
       end
 
+      def verify(credit_card, options = {})
+        requires!(options, :order_id)
+        post = {}
+        add_payment_source(post, credit_card, options)
+        post[:order_id] = options[:order_id]
+        post[:address] = options[:billing_address] || options[:address]
+        post[:crypt_type] = options[:crypt_type] || @options[:crypt_type]
+        add_stored_credential(post, options)
+        action = if post[:data_key].blank?
+                   'card_verification'
+                 else
+                   'res_card_verification_cc'
+                 end
+        commit(action, post)
+      end
+
+      # When passing a :duration option (time in seconds) you can create a
+      # temporary vault record to avoid incurring Moneris vault storage fees
+      #
+      # https://developer.moneris.com/Documentation/NA/E-Commerce%20Solutions/API/Vault#vaulttokenadd
       def store(credit_card, options = {})
         post = {}
         post[:pan] = credit_card.number
         post[:expdate] = expdate(credit_card)
+        post[:address] = options[:billing_address] || options[:address]
         post[:crypt_type] = options[:crypt_type] || @options[:crypt_type]
-        commit('res_add_cc', post)
+        add_stored_credential(post, options)
+
+        if options[:duration]
+          post[:duration] = options[:duration]
+          commit('res_temp_add', post)
+        else
+          commit('res_add_cc', post)
+        end
       end
 
       def unstore(data_key, options = {})
@@ -143,35 +186,115 @@ module ActiveMerchant #:nodoc:
         commit('res_update_cc', post)
       end
 
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((<store_id>).+(</store_id>)), '\1[FILTERED]\2').
+          gsub(%r((<api_token>).+(</api_token>)), '\1[FILTERED]\2').
+          gsub(%r((<pan>).+(</pan>)), '\1[FILTERED]\2').
+          gsub(%r((<cvd_value>).+(</cvd_value>)), '\1[FILTERED]\2').
+          gsub(%r((<cavv>).+(</cavv>)), '\1[FILTERED]\2')
+      end
+
       private # :nodoc: all
 
       def expdate(creditcard)
-        sprintf("%.4i", creditcard.year)[-2..-1] + sprintf("%.2i", creditcard.month)
+        sprintf('%.4i', creditcard.year)[-2..-1] + sprintf('%.2i', creditcard.month)
+      end
+
+      def add_external_mpi_fields(post, options)
+        # See these pages:
+        # https://developer.moneris.com/livedemo/3ds2/cavv_purchase/tool/php
+        # https://developer.moneris.com/livedemo/3ds2/cavv_preauth/guide/php
+        return unless options[:three_d_secure]
+
+        three_d_secure_options = options[:three_d_secure]
+
+        post[:threeds_version] = three_d_secure_options[:version]
+        post[:crypt_type] = three_d_secure_options[:eci]
+        post[:cavv] = three_d_secure_options[:cavv]
+        post[:threeds_server_trans_id] = three_d_secure_options[:three_ds_server_trans_id]
+        post[:ds_trans_id] = three_d_secure_options[:ds_transaction_id]
       end
 
-      def add_payment_source(post, source, options)
-        if source.is_a?(String)
-          post[:data_key]   = source
-          post[:cust_id]    = options[:customer]
+      def add_payment_source(post, payment_method, options)
+        if payment_method.is_a?(String)
+          post[:data_key] = payment_method
+          post[:cust_id] = options[:customer]
         else
-          if source.respond_to?(:track_data) && source.track_data.present?
-            post[:pos_code]   = '00'
-            post[:track2]     = source.track_data
+          if payment_method.respond_to?(:track_data) && payment_method.track_data.present?
+            post[:pos_code] = '00'
+            post[:track2] = payment_method.track_data
           else
-            post[:pan]        = source.number
-            post[:expdate]    = expdate(source)
-            post[:cvd_value]  = source.verification_value if source.verification_value?
+            post[:pan] = payment_method.number
+            post[:expdate] = expdate(payment_method)
+            post[:cvd_value] = payment_method.verification_value if payment_method.verification_value?
+            post[:cavv] = payment_method.payment_cryptogram if payment_method.is_a?(NetworkTokenizationCreditCard)
+            post[:wallet_indicator] = wallet_indicator(payment_method.source.to_s) if payment_method.is_a?(NetworkTokenizationCreditCard)
+            post[:crypt_type] = (payment_method.eci || 7) if payment_method.is_a?(NetworkTokenizationCreditCard)
+          end
+          post[:cust_id] = options[:customer] || payment_method.name
+        end
+      end
+
+      def add_cof(post, options)
+        post[:issuer_id] = options[:issuer_id] if options[:issuer_id]
+        post[:payment_indicator] = options[:payment_indicator] if options[:payment_indicator]
+        post[:payment_information] = options[:payment_information] if options[:payment_information]
+      end
+
+      def add_stored_credential(post, options)
+        add_cof(post, options)
+        # if any of :issuer_id, :payment_information, or :payment_indicator is not passed,
+        # then check for :stored credential options
+        return unless (stored_credential = options[:stored_credential]) && !cof_details_present?(options)
+
+        if stored_credential[:initial_transaction]
+          add_stored_credential_initial(post, options)
+        else
+          add_stored_credential_used(post, options)
+        end
+      end
+
+      def add_stored_credential_initial(post, options)
+        post[:payment_information] ||= '0'
+        post[:issuer_id] ||= ''
+        if options[:stored_credential][:initiator] == 'merchant'
+          case options[:stored_credential][:reason_type]
+          when 'recurring', 'installment'
+            post[:payment_indicator] ||= 'R'
+          when 'unscheduled'
+            post[:payment_indicator] ||= 'C'
           end
-          post[:cust_id] = options[:customer] || source.name
+        else
+          post[:payment_indicator] ||= 'C'
+        end
+      end
+
+      def add_stored_credential_used(post, options)
+        post[:payment_information] ||= '2'
+        post[:issuer_id] = options[:stored_credential][:network_transaction_id] if options[:issuer_id].blank?
+        if options[:stored_credential][:initiator] == 'merchant'
+          case options[:stored_credential][:reason_type]
+          when 'recurring', 'installment'
+            post[:payment_indicator] ||= 'R'
+          when '', 'unscheduled'
+            post[:payment_indicator] ||= 'U'
+          end
+        else
+          post[:payment_indicator] ||= 'Z'
         end
       end
 
       # Common params used amongst the +credit+, +void+ and +capture+ methods
       def crediting_params(authorization, options = {})
         {
-          :txn_number => split_authorization(authorization).first,
-          :order_id   => split_authorization(authorization).last,
-          :crypt_type => options[:crypt_type] || @options[:crypt_type]
+          txn_number: split_authorization(authorization).first,
+          order_id: split_authorization(authorization).last,
+          crypt_type: options[:crypt_type] || @options[:crypt_type]
         }.merge(options)
       end
 
@@ -185,36 +308,47 @@ module ActiveMerchant #:nodoc:
         end
       end
 
-      def commit(action, parameters = {})
+      def commit(action, parameters = {}, options = {})
+        threed_ds_transaction = options[:three_d_secure].present?
+
         data = post_data(action, parameters)
         url = test? ? self.test_url : self.live_url
         raw = ssl_post(url, data)
         response = parse(raw)
 
-        Response.new(successful?(response), message_from(response[:message]), response,
-          :test          => test?,
-          :avs_result    => { :code => response[:avs_result_code] },
-          :cvv_result    => response[:cvd_result_code] && response[:cvd_result_code][-1,1],
-          :authorization => authorization_from(response)
+        Response.new(
+          successful?(action, response, threed_ds_transaction),
+          message_from(response[:message]),
+          response,
+          test: test?,
+          avs_result: { code: response[:avs_result_code] },
+          cvv_result: response[:cvd_result_code] && response[:cvd_result_code][-1, 1],
+          authorization: authorization_from(response)
         )
       end
 
       # Generates a Moneris authorization string of the form 'trans_id;receipt_id'.
       def authorization_from(response = {})
-        if response[:trans_id] && response[:receipt_id]
-          "#{response[:trans_id]};#{response[:receipt_id]}"
-        end
+        "#{response[:trans_id]};#{response[:receipt_id]}" if response[:trans_id] && response[:receipt_id]
       end
 
       # Tests for a successful response from Moneris' servers
-      def successful?(response)
-        response[:response_code] &&
-        response[:complete] &&
-        (0..49).include?(response[:response_code].to_i)
+      def successful?(action, response, threed_ds_transaction = false)
+        # See 9.4 CAVV Result Codes in https://developer.moneris.com/livedemo/3ds2/reference/guide/php
+        cavv_accepted = if threed_ds_transaction
+                          response[:cavv_result_code] && response[:cavv_result_code] == '2'
+                        else
+                          true
+                        end
+
+        cavv_accepted &&
+          response[:response_code] &&
+          response[:complete] &&
+          (0..49).cover?(response[:response_code].to_i)
       end
 
       def parse(xml)
-        response = { :message => "Global Error Receipt", :complete => false }
+        response = { message: 'Global Error Receipt', complete: false }
         hashify_xml!(xml, response)
         response
       end
@@ -222,16 +356,17 @@ module ActiveMerchant #:nodoc:
       def hashify_xml!(xml, response)
         xml = REXML::Document.new(xml)
         return if xml.root.nil?
+
         xml.elements.each('//receipt/*') do |node|
           response[node.name.underscore.to_sym] = normalize(node.text)
         end
       end
 
       def post_data(action, parameters = {})
-        xml   = REXML::Document.new
-        root  = xml.add_element("request")
-        root.add_element("store_id").text  = options[:login]
-        root.add_element("api_token").text = options[:password]
+        xml = REXML::Document.new
+        root = xml.add_element('request')
+        root.add_element('store_id').text = options[:login]
+        root.add_element('api_token').text = options[:password]
         root.add_element(transaction_element(action, parameters))
 
         xml.to_s
@@ -247,6 +382,8 @@ module ActiveMerchant #:nodoc:
             transaction.add_element(avs_element(parameters[:address])) if @avs_enabled && parameters[:address]
           when :cvd_info
             transaction.add_element(cvd_element(parameters[:cvd_value])) if @cvv_enabled
+          when :cof_info
+            transaction.add_element(credential_on_file(parameters)) if cof_details_present?(parameters)
           else
             transaction.add_element(key.to_s).text = parameters[key] unless parameters[key].blank?
           end
@@ -260,8 +397,8 @@ module ActiveMerchant #:nodoc:
         tokens = full_address.split(/\s+/)
 
         element = REXML::Element.new('avs_info')
-        element.add_element('avs_street_number').text = tokens.select{|x| x =~ /\d/}.join(' ')
-        element.add_element('avs_street_name').text = tokens.reject{|x| x =~ /\d/}.join(' ')
+        element.add_element('avs_street_number').text = tokens.select { |x| x =~ /\d/ }.join(' ')
+        element.add_element('avs_street_name').text = tokens.reject { |x| x =~ /\d/ }.join(' ')
         element.add_element('avs_zipcode').text = address[:zip]
         element
       end
@@ -269,39 +406,66 @@ module ActiveMerchant #:nodoc:
       def cvd_element(cvd_value)
         element = REXML::Element.new('cvd_info')
         if cvd_value
-          element.add_element('cvd_indicator').text = "1"
+          element.add_element('cvd_indicator').text = '1'
           element.add_element('cvd_value').text = cvd_value
         else
-          element.add_element('cvd_indicator').text = "0"
+          element.add_element('cvd_indicator').text = '0'
         end
         element
       end
 
+      def cof_details_present?(parameters)
+        parameters[:issuer_id] && parameters[:payment_indicator] && parameters[:payment_information]
+      end
+
+      def credential_on_file(parameters)
+        issuer_id = parameters[:issuer_id]
+        payment_indicator = parameters[:payment_indicator]
+        payment_information = parameters[:payment_information]
+
+        cof_info = REXML::Element.new('cof_info')
+        cof_info.add_element('issuer_id').text = issuer_id
+        cof_info.add_element('payment_indicator').text = payment_indicator
+        cof_info.add_element('payment_information').text = payment_information
+        cof_info
+      end
+
+      def wallet_indicator(token_source)
+        return 'APP' if token_source == 'apple_pay'
+        return 'ANP' if token_source == 'android_pay'
+
+        nil
+      end
+
       def message_from(message)
         return 'Unspecified error' if message.blank?
-        message.gsub(/[^\w]/, ' ').split.join(" ").capitalize
+
+        message.gsub(/[^\w]/, ' ').split.join(' ').capitalize
       end
 
       def actions
         {
-          "purchase"           => [:order_id, :cust_id, :amount, :pan, :expdate, :crypt_type, :avs_info, :cvd_info, :track2, :pos_code],
-          "preauth"            => [:order_id, :cust_id, :amount, :pan, :expdate, :crypt_type, :avs_info, :cvd_info, :track2, :pos_code],
-          "command"            => [:order_id],
-          "refund"             => [:order_id, :amount, :txn_number, :crypt_type],
-          "indrefund"          => [:order_id, :cust_id, :amount, :pan, :expdate, :crypt_type],
-          "completion"         => [:order_id, :comp_amount, :txn_number, :crypt_type],
-          "purchasecorrection" => [:order_id, :txn_number, :crypt_type],
-          "cavvpurcha"         => [:order_id, :cust_id, :amount, :pan, :expdate, :cav],
-          "cavvpreaut"         => [:order_id, :cust_id, :amount, :pan, :expdate, :cavv],
-          "transact"           => [:order_id, :cust_id, :amount, :pan, :expdate, :crypt_type],
-          "Batchcloseall"      => [],
-          "opentotals"         => [:ecr_number],
-          "batchclose"         => [:ecr_number],
-          "res_add_cc"         => [:pan, :expdate, :crypt_type],
-          "res_delete"         => [:data_key],
-          "res_update_cc"      => [:data_key, :pan, :expdate, :crypt_type],
-          "res_purchase_cc"    => [:data_key, :order_id, :cust_id, :amount, :crypt_type],
-          "res_preauth_cc"     => [:data_key, :order_id, :cust_id, :amount, :crypt_type]
+          'purchase' => %i[order_id cust_id amount pan expdate crypt_type avs_info cvd_info track2 pos_code cof_info],
+          'preauth' => %i[order_id cust_id amount pan expdate crypt_type avs_info cvd_info track2 pos_code cof_info],
+          'command' => [:order_id],
+          'refund' => %i[order_id amount txn_number crypt_type],
+          'indrefund' => %i[order_id cust_id amount pan expdate crypt_type],
+          'completion' => %i[order_id comp_amount txn_number crypt_type],
+          'purchasecorrection' => %i[order_id txn_number crypt_type],
+          'cavv_preauth' => %i[order_id cust_id amount pan expdate cavv crypt_type wallet_indicator],
+          'cavv_purchase' => %i[order_id cust_id amount pan expdate cavv crypt_type wallet_indicator],
+          'card_verification' => %i[order_id cust_id pan expdate crypt_type avs_info cvd_info cof_info],
+          'transact' => %i[order_id cust_id amount pan expdate crypt_type],
+          'Batchcloseall' => [],
+          'opentotals' => [:ecr_number],
+          'batchclose' => [:ecr_number],
+          'res_add_cc' => %i[pan expdate crypt_type avs_info cof_info],
+          'res_temp_add' => %i[pan expdate crypt_type duration],
+          'res_delete' => [:data_key],
+          'res_update_cc' => %i[data_key pan expdate crypt_type avs_info cof_info],
+          'res_purchase_cc' => %i[data_key order_id cust_id amount crypt_type cof_info],
+          'res_preauth_cc' => %i[data_key order_id cust_id amount crypt_type cof_info],
+          'res_card_verification_cc' => %i[order_id data_key expdate crypt_type cof_info]
         }
       end
     end

data/lib/active_merchant/billing/gateways/money_movers.rb

@@ -8,7 +8,7 @@ module ActiveMerchant #:nodoc:
       self.homepage_url = 'http://mmoa.us/'
       self.display_name = 'MoneyMovers'
       self.supported_countries = ['US']
-      self.supported_cardtypes = [:visa, :master, :american_express, :discover]
+      self.supported_cardtypes = %i[visa master american_express discover]
 
       def initialize(options = {})
         requires!(options, :login, :password)
@@ -45,7 +45,7 @@ module ActiveMerchant #:nodoc:
       end
 
       def refund(money, authorization, options = {})
-        commit('refund', money, options.merge(:transactionid => authorization))
+        commit('refund', money, options.merge(transactionid: authorization))
       end
 
       def credit(money, authorization, options = {})
@@ -114,11 +114,10 @@ module ActiveMerchant #:nodoc:
         message = message_from(response)
 
         Response.new(success?(response), message, response,
-          :test => test?,
-          :authorization => response['transactionid'],
-          :avs_result => {:code =>  response['avsresponse']},
-          :cvv_result => response['cvvresponse']
-        )
+          test: test?,
+          authorization: response['transactionid'],
+          avs_result: { code: response['avsresponse'] },
+          cvv_result: response['cvvresponse'])
       end
 
       def success?(response)
@@ -126,17 +125,17 @@ module ActiveMerchant #:nodoc:
       end
 
       def test?
-        (@options[:login].eql?('demo')) && (@options[:password].eql?('password'))
+        @options[:login].eql?('demo') && @options[:password].eql?('password')
       end
 
       def message_from(response)
         case response['response'].to_i
         when APPROVED
-          "Transaction Approved"
+          'Transaction Approved'
         when DECLINED
-          "Transaction Declined"
+          'Transaction Declined'
         else
-          "Error in transaction data or system error"
+          'Error in transaction data or system error'
         end
       end
 
@@ -144,9 +143,8 @@ module ActiveMerchant #:nodoc:
         parameters[:type] = action
         parameters[:username] = @options[:login]
         parameters[:password] = @options[:password]
-        parameters.map{|k, v| "#{k}=#{CGI.escape(v.to_s)}"}.join('&')
+        parameters.map { |k, v| "#{k}=#{CGI.escape(v.to_s)}" }.join('&')
       end
     end
   end
 end
-